FLoC: the Final Stage of Google’s Web Takeover?

Many observers say Google’s “private” web proposals are a bold move to consolidate its market dominance.

You’ve probably heard about Google’s plans to overhaul online advertising. Briefly, the plans include:

• Removing third-party cookies from Chrome
• Bucketing users into “cohorts” based on online behaviours (rather than individual targeting)
• Building protections against device fingerprinting

On the face of it, this sounds reasonable. But as Google reveals about its proposals, tech-watchers are increasingly cynical.

Concerns centre around both antitrust and privacy.

On the antitrust front, the U.K.’s Competition and Markets Authority (CMA) has been investigating Google’s plans since January, over concerns that Google’s plans would consolidate a dominant market position.

For my article about the CMA’s Google investigation, I spoke to Michelle Meagher, author of Competition Is Killing Us, who argues Google is using privacy as an “excuse” for monopolistic behaviour:

“What we’re seeing is Google attempting to use privacy as a shield or an excuse for consolidating its stranglehold over online advertising.”

“Google’s vision is for our privacy to be entirely protected — by them.”

The CMA’s investigation was triggered by the group Marketers for an Open Web, who claim the proposals would “effectively create a Google-owned walled garden that would close down the competitive, vibrant open web.”

Ken Glueck, executive vice president of Oracle, expressed a similar sentiment in a blog post last Sunday titled Google’s Privacy Sandbox — We’re all FLoCed:

Google’s sandbox is little more than an attempt at using privacy as a pretext to solidify its dominance. It creates anticompetitive rules for everyone to abide by, except for Google. Third parties — some people call them competitors — will be in the dark, but first parties — that would be Google — will have a 20/20 view into every consumer’s likes, desires, and location, to sell ads.

Side note: While Glueck provides an excellent overview of the concerns around Google’s Federated Learning of Cohorts (FLoCs), it’s important to note that Oracle derives significant value from cookies. I interviewed Rebecca Rumbul last year, who is bringing a case against Oracle over its alleged misuse of cookies.

Antitrust aside, there’s also considerable concern about whether Google’s plans are, in fact, good for privacy.

In his article 4 Big Questions About Google’s New Privacy Position, Johnny Ryan of the Irish Civil Liberties Council pointed out that we don’t yet know a lot about how private FLoCs will be:

Google’s new ad system will group people who share similar advertising targeting characteristics into “interest groups”. But it has not yet defined the minimum threshold (“k-anonymity threshold”) for the size of an interest group and the degree of uniqueness of characteristics of people within it.

Cohort size matters: smaller cohorts increase the likelihood that individuals can be identified.

In The Privacy Mirage, Eric Benjamin Seufert argued that Google isn’t really improving privacy at all — just redefining the concept so as to align with its business practices:

…by artificially defining “privacy” as the distinction between first- and third-party data usage, the largest platforms simply entrench their market positions… In this way, “privacy” is a mirage: the largest platforms define privacy such that it is always just one big, sweeping change away from being achieved.

Third-party cookies are bad for privacy. But is Google’s increased dominance worse? Perhaps the answer lies in restricting or amending Google’s proposals to ensure better competition (as interoperability research Ian Brown suggested to me).

The coming months will see Google release more information regarding its changes to online advertising. The proposals will require close scrutiny.